TY - GEN
T1 - Traffic-aware firewall optimization strategies
AU - Acharya, Subrata
AU - Wang, Jia
AU - Ge, Zihui
AU - Znati, Taieb F.
AU - Greenberg, Albert
PY - 2006
Y1 - 2006
AB - The overall performance of a firewall is crucial in enforcing and administrating security, especially when the network is under attack. The continuous growth of the Internet, coupled with the increasing sophistication of the attacks, is placing stringent demands on firewall performance. In this paper, we describe a traffic-aware optimization framework to improve the operational cost of firewalls. Based on this framework, we design a set of tools that inspect and analyze both multidimensional firewall rules and traffic logs and construct the optimal equivalent firewall rules based on the observed traffic characteristics. To the best of our knowledge, this work is the first to use traffic characteristics in firewall optimization. Furthermore, we develop a novel adaptation mechanism that dynamically detects anomalous traffic behavior and adaptively alters the firewall rules to avoid serious performance degradation due to the traffic anomaly. To evaluate the performance of our approaches, we collected a large set of firewall rules and traffic logs at tens of enterprise networks managed by a Tier-1 service provider. Our evaluation results find these approaches very effective. In particular, we achieve more than 10-fold performance improvement by using the proposed traffic-aware firewall optimization.
UR - http://www.scopus.com/inward/record.url?scp=42549122173&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=42549122173&partnerID=8YFLogxK
U2 - 10.1109/ICC.2006.255101
DO - 10.1109/ICC.2006.255101
M3 - Conference contribution
AN - SCOPUS:42549122173
SN - 1424403553
SN - 9781424403554
T3 - IEEE International Conference on Communications
SP - 2225
EP - 2230
BT - 2006 IEEE International Conference on Communications, ICC 2006
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2006 IEEE International Conference on Communications, ICC 2006
Y2 - 11 July 2006 through 15 July 2006
ER -